Suspicious spike in query volume
Managed by | Updated .
There are several factors contributing to a spike in query volume.
- Legitimate spike in query volume due to an event triggering a number of users to use search.
- Monitoring bots, penetration testing, etc.
- Addition of Funnelback hook scripts (extra searches hook scripts or full facets list collection.cfg setting)
If the spike is due to a monitoring bot/testing, blacklisting the IP in reporting_blacklist.cfg and re-building analytics will be the best way forward. In the case of hook scripts, no_log query processor option can be added. Care must be taken to add no_log option only to extra searches as adding it to the main collection will prevent legitimate user queries from being logged. This will drastically affect analytics and logs for the duration of this setting in place will be lost.
Was this artcle helpful?